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DETAILED ACTION 

1. Claims 3, 6-10, and 15-17, and 19-30 have been examined. 

Information Disclosure Statement 

2. The following Information Disclosure Statements in the instant application have 
been fully considered: 

IDS filed 14 August 2007. 

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

3. Claims 26 and 29 are rejected under 35 U.S.C. 102(b) as being anticipated by 
WIPO Patent Publication No. 98/44402 to Bramhill et al. 

Bramhill discloses a server that securely sends data to an authenticated client. 
This inherently requires the server to have a memory from which an image of the 
program having this functionality can be executed. The authentication of the token may 
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involve the use of a token sent to the client to verify that the client has permission and 
has not been tampered, ensuring that the client restricts use of the data (such as image 
data, which is displayed at a client) before it is sent (see p. 1 1 , lines 4-17; p. 14, lines 
27-29; p. 16, line 20 to p. 17, line 20). 



Claim Rejections - 35 USC § 103 



The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

4. Claims 8 and 25 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
U.S. Patent No. 5,825,879 to Davis in view of U.S. Patent No. 5,517,569 to Clark. 

As per claim 25, Davis discloses a client platform having a display and a 
communications means that is secure by dint of its receiving encrypted data (see 
column 3, lines 54-61) and an image processing module, the secure video content 
processor, that stores received images in a frame buffer (memory) and may sends its 
output directly to (i.e. controls) a display device (see column 3, line 62 to column 4, line 
17; column 4, lines 49-55; and column 5, lines 47-59). The SVCP is tamper-proofed, 
protected physically (see column 4, lines 32-48) and logically (protected key loading, 
see column 3, lines 27-43) from modification. The signal may be received from an on- 
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line service provider, which inherently employs a server (see column 3, lines 20-26), 
encrypted with a key for a specific authorized purpose (see column 3, lines 28-43). 

Davis does not disclose a mechanism for verifying the integrity of the platform 
upon user request. 

Clark discloses a hardware test in a protected platform in which a user may 
initiate the verifying of the platform's integrity (see column 5, lines 32-35). One skilled in 
the art would recognize that it is important for a user to have confidence in the platform 
that he or she is using. 

Therefore it would have been obvious to one of ordinary skill in the art at the time 
the invention was made to modify the invention of Davis by implementing it with a user- 
initiated integrity check, as disclosed by Clark, so that a user may have confidence in 
the platform that he or she is using. 

Regarding claim 8, by authenticating the received data, Davis' client in effect 
verifies the trusted status of another platform, the server. 

5. Claims 3, 6, 9, 15-17, 19-22, 25, 28, and 29 are rejected under 35 U.S.C. 103(a) 
as being unpatentable over WIPO Patent Publication No. 98/44402 to Bramhill et al. as 
applied to claim 26 above and further in view of U.S. Patent No. 5,825,879 to Davis 
further in view of U.S. Patent No. 5,517,569 to Clark. 

Regarding claims 25, 28, and 29, Bramhill does not disclose the physical 
protection of the client from unauthorized modification. 
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Davis discloses a tamper-proof client, as disclosed above, that receives image 
data into a frame buffer and displayed. Davis further suggests that by protecting the 
data over the entire processing flow, an unauthorized copier will find it more difficult to 
capture the unencrypted digital representation (see column 2, lines 61-64). 

Therefore it would have been obvious to one of ordinary skill in the art at the time 
the invention was made to modify the invention of Bramhill by using Davis' tamper- 
proofing at the client, to make it more difficult to capture the unencrypted digital 
representation. 

Bramhill and Davis do not disclose a mechanism for verifying the integrity of the 
platform upon user request. 

Clark discloses a hardware test in a protected platform in which a user may 
initiate the verifying of the platform's integrity (see column 5, lines 32-35). One skilled in 
the art would recognize that it is important for a user to have confidence in the platform 
that he or she is using. 

Therefore it would have been obvious to one of ordinary skill in the art at the time 
the invention was made to modify the invention of Bramhill and Davis by implementing it 
with a user-initiated integrity check, as disclosed by Clark, so that a user may have 
confidence in the platform that he or she is using. 

Regarding claim 3, Bramhill discloses the monitoring of integrity of the client and 
data flows by comparing current values to initial characteristics (see p. 17, lines 1-20). 
The integrity of the image may be verified by using a hash (see p. 14, lines 14-19). 
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Regarding claim 6, 15, and 19, Bramhill discloses that the client (user) initiates 
data requests (see p. 9, lines 15-29). Though Bramhill does not specifically recite a 
secure user interface, Davis' modification, which dictates that the transaction must be 
secure on an end-to-end basis, necessitates a secure user interface to the server from 
the client as well. 

As per claim 9, 17, and 22, Bramhill also discloses the use of a smart card for 
authentication of the client by the server during a session, which inherently requires a 
smart card reader (see p. 18, lines 20-25). 

Regarding claim 16, different parts of the transaction are being respectively 
performed at the client and server. 

Regarding claim 20, the steps of requesting and receiving transmissions may go 
on indefinitely. 

Regarding claim 21, Bramhill does not disclose the maintaining of usage logs. 

Davis discloses the use of metering (usage logs) in such transactions, in order to 
maintain billing records for transmission to a transaction clearing house (see column 1, 
lines 60-63). 

Therefore it would have been obvious to one of ordinary skill in the art at the time 
the invention was made to further modify the invention of Bramhill by using metering, as 
per Davis, in order to maintain billing records for transmission to a transaction clearing 
house. 



Application/Control Number: Page 7 

10/088,258 

Art Unit: 2134 

6. Claims 10, 23, and 24 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over WIPO Patent Publication No. 98/44402 to Bramhill et al. in view of 
U.S. Patent No. 5,825,879 to Davis further in view of U.S. Patent No. 5,517,569 to Clark 
as applied to claims 25 and 29 above, and further in view of U.S. Patent No. 5,990,927 
to Hendricks et al. 

Bramhill, Davis, and Clark do not disclose the insertion of server-provided into 
data streams. 

Hendricks discloses the integration of advertisements (i.e. not requested by the 
client) into the program signal (see column 9, lines 16-23), and suggests that because 
of this, local headends (servers) are not constrained to show only programs transmitted 
from the operations center (see column 7, lines 61-67). 

Therefore, it would have been obvious to one having ordinary skill in the art at 
the time the invention was made to modify the invention of Bramhill, Davis, and Clark by 
allowing for the insertion of advertisements into data streams, as disclosed by 
Hendricks, so that local headends are not constrained to show only programs 
transmitted from the operations center. 

7. Claims 7 and 27 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
WIPO Patent Publication No. 98/44402 to Bramhill et al. in view of U.S. Patent No. 
5,825,879 to Davis further in view of U.S. Patent No. 5,517,569 to Clark as applied to 
claims 25 and 26 above, and further in view of U.S. Patent No. 6,219,788 to Flavin et al. 
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Bramhill, Davis, and Clark do not disclose the authentication of a protected 
server-trusted component by a client. 

Flavin discloses a computer watchdog system wherein tamper protection may be 
incorporated at either the server or client in a content distribution system, monitoring 
other systems, in order to ensure just execution of agreements between a producer and 
distributor of the content (see abstract). 

Therefore, it would have been obvious to one having ordinary skill in the art at 
the time the invention was made to modify the invention of Bramhill, Davis, and Clark by 
using Flavin's watchdog system, in order to ensure just execution of agreements 
between a producer and distributor of the content. 

8. Claim 30 is rejected under 35 U.S.C. 103(a) as being unpatentable over WIPO 
Patent Publication No. 98/44402 to Bramhill et al. as applied to claim 26 above and 
further in view of U.S. Patent No. 5,825,879 to Davis further in view of U.S. Patent No. 
5,355,414 to Hale et al. 

Regarding claims 25, 28, and 29, Bramhill does not disclose the physical 
protection of the client from unauthorized modification. 

Davis discloses a tamper-proof client, as disclosed above, that receives image 
data into a frame buffer and displayed. Davis further suggests that by protecting the 
data over the entire processing flow, an unauthorized copier will find it more difficult to 
capture the unencrypted digital representation (see column 2, lines 61-64). 
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Therefore it would have been obvious to one of ordinary skill in the art at the time 
the invention was made to modify the invention of Bramhill by using Davis' tamper- 
proofing at the client, to make it more difficult to capture the unencrypted digital 
representation. 

Bramhill and Davis do not disclose a locking of a user interface. 

Hale discloses a security system in which the user interface may be blanked 
(locked) (see column 13, lines 16-19), so that, in an insecure situation, information 
visible on the display is not viewable (see column 3, lines 27-33). 

Therefore it would have been obvious to one of ordinary skill in the art at the time 
the invention was made to modify the invention of Bramhill and Davis by allowing for a 
locking display, as disclosed by Hale, so that insecure information on a display is not 
viewable. 

Response to Arguments 

9. Regarding Applicant's argument over claim 26 et al., Applicant's arguments filed 
14 September 2007 have been fully considered but they are not persuasive. In the 
examination of a patent application, the meanings of claim terms are given their 
broadest reasonable interpretation in light of Applicant's specification. See In re Hyatt, 
211 F.3d 1367, 1372, 54 USPQ2d 1664, 1667 (Fed. Cir. 2000), Phillips v. AWH Corp., 
415 F.3d 1303, 1312-17 (Fed. Cir. 2005) (en banc). It has been previously noted (see 
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Non-Final Rejection, mailed 19 June 2007) that though the client disclosed by Bramhill 
is not as well-protected as that of the instant application, it nonetheless constitutes a 
trusted component insofar as the term is defined in the instant application's 
specification. Bramhill does disclose the authentication of the platform, thus establishing 
a level of trust about the client platform. That the client is programmed in Java is 
irrelevant. The security of a programming-language is implementation-dependent, and 
programming languages are not inherently insecure by themselves. Applicant has not 
specifically pointed what, if any, language in Applicant's specification would give the 
term a meaning that would preclude the interpretation used for "trusted component" 
herein. 

Regarding Applicant's argument that Bramhill only discloses a program, Bramhill 
discloses a program that is installed on an authenticated client (see p. 11, lines 4-5, for 
example); the client and program must be considered together and do anticipate 
Applicant's invention as claimed. The fact that Bramhill discloses authentication for the 
reasons concerning payment collection does not mean that the client running the 
program is not a "trusted component." 

Regarding Applicant's argument that the display is not being controlled from 
within the trusted component, Bramhill's disclosure clearly shows that the images being 
displayed are being controlled by software in the authenticated client to display received 
non-functional descriptive material or, alternatively, error messages (see p. 14, lines 21- 
29). 
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Regarding Applicant's argument that Bramhill's invention does not check for 
tampering, that property is not explicitly claimed, and is not inherently necessary for a 
component to be "trusted." 

10. Regarding Applicant's argument over claim 25 et al., Applicant's arguments filed 
14 September 2007 have been fully considered but they are not persuasive. 

Davis' invention clearly includes protection against the use of unauthorized keys, 
including the encrypting of decryption keys, which one skilled in the art would recognize 
as potentially frustrating an attempt to misuse the system. It therefore enjoys some 
protection from unauthorized modification. 

Regarding Applicant's argument that one skilled in the art would not be motivated 
to incorporate Clark's teachings into the invention of Davis, it is noted that, when there 
is a desire to make a system secure, it is reasonable for one skilled in the art to add 
additional layers of security to an invention. Though headend systems are typically 
installed in home environments, they can also be found in more secure locations. 
"Users" in a deployment may just be the customers themselves (who themselves may 
have reasons for having an untampered system), but also technicians from the service 
provider. 

Regarding Applicant's argument that only one of many functionalities is being 
imported from Clark into Davis' invention, there is no reason why one skilled in the art 
would not wish to incorporate additional features; however, those issues need not be 
addressed because they are not part of the claimed invention. Both of the references 
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are to secure computing systems and are sufficiently analogous that one skilled in the 
art would find it advantageous to combine them. 

Regarding Applicant's argument that the authentication of data does not verify 
the trusted status of a source, it is noted that since data from a bad source would fail the 
authentication check, a successful authentication affirms that a source is, at least to 
some extent, trustworthy. 

1 1 . Regarding Applicant's argument over claim 3 et al., Applicant's arguments filed 
14 September 2007 have been fully considered but they are not persuasive. 

Regarding Applicant's argument that one skilled in the art would not be motivated 
to modify BramhiU's invention using Davis and Clark, Bramhill does not give specifics as 
to what kind of display should be used. Davis and Clark's invention is a display 
controller, and can therefore easily be combined into Bramhill to fulfill that role. Since 
each invention contributes attributes that make the whole system more secure, it would 
be obvious to combine them all in order to enjoy greater overall security. 

12. Regarding Applicant's argument over claim 30, Applicant's arguments filed 14 
September 2007 have been fully considered but they are not persuasive. 

Regarding Applicant's argument that the display is deactivated, rather than the 
user interface, since the user interface is dependent upon the display, the loss of the 
display renders the user interface useless, thus effectively locking it. Since Hale's 
modification provides further protection from misuse over and above that provided in the 
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other references, one skilled in the art would reasonably be motivated to incorporate it 
in order to further enhance security. 

Conclusion 

1 3. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

14. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Matthew E. Heneghan, whose telephone number is 
(571) 272-3834. The examiner can normally be reached on Monday-Friday from 8:30 
AM - 4:30 PM Eastern Time. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kambiz Zand, can be reached at (571) 272-3811. 
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Any response to this action should be mailed to: 

Commissioner of Patents and Trademarks 
P.O. Box 1450 
Alexandria, VA 22313-1450 
Or faxed to: 

(571) 273-3800 

Any inquiry of a general nature or relating to the status of this application or 
proceeding should be directed to the receptionist whose telephone number is (571) 272- 



Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 
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